From 9b1f5ad08021958fce4bd1976ee78e41615ad5ed Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@libreserver.org>
Date: Mon, 26 Jun 2023 11:36:30 +0100
Subject: [PATCH] Different check for links within summary for person objects

---
 daemon.py | 42 +++++++++++++++++++++++++++---------------
 1 file changed, 27 insertions(+), 15 deletions(-)

diff --git a/daemon.py b/daemon.py
index 2a39236f7..6ffce1d10 100644
--- a/daemon.py
+++ b/daemon.py
@@ -2053,21 +2053,33 @@ class PubServer(BaseHTTPRequestHandler):
                     self.server.postreq_busy = False
                     return 3
             # check that the summary does not contain links
-            if message_json['object'].get('summary'):
-                if len(message_json['object']['summary']) > 1024:
-                    print('INBOX: summary is too long ' +
-                          message_json['actor'] + ' ' +
-                          message_json['object']['summary'])
-                    self._400()
-                    self.server.postreq_busy = False
-                    return 3
-                if '://' in message_json['object']['summary']:
-                    print('INBOX: summary should not contain links ' +
-                          message_json['actor'] + ' ' +
-                          message_json['object']['summary'])
-                    self._400()
-                    self.server.postreq_busy = False
-                    return 3
+            if message_json['object'].get('type') and \
+               message_json['object'].get('summary'):
+                if message_json['object']['type'] != 'Person' and \
+                   message_json['object']['type'] != 'Application' and \
+                   message_json['object']['type'] != 'Group':
+                    if len(message_json['object']['summary']) > 1024:
+                        print('INBOX: summary is too long ' +
+                              message_json['actor'] + ' ' +
+                              message_json['object']['summary'])
+                        self._400()
+                        self.server.postreq_busy = False
+                        return 3
+                    if '://' in message_json['object']['summary']:
+                        print('INBOX: summary should not contain links ' +
+                              message_json['actor'] + ' ' +
+                              message_json['object']['summary'])
+                        self._400()
+                        self.server.postreq_busy = False
+                        return 3
+                else:
+                    if len(message_json['object']['summary']) > 4096:
+                        print('INBOX: person summary is too long ' +
+                              message_json['actor'] + ' ' +
+                              message_json['object']['summary'])
+                        self._400()
+                        self.server.postreq_busy = False
+                        return 3
             # if this is a local only post, is it really local?
             if 'localOnly' in message_json['object'] and \
                message_json['object'].get('to') and \